ACL bug - The groot user is gone

diggy · June 13, 2020, 5:06am

Moved from GitHub dgraph/5650

Posted by MichelDiz:

What version of Dgraph are you using?

v20.03.3
v20.03.1

Works fine in v1.1.0

Have you tried reproducing the issue with the latest release?

Master, but the master has breaking changes for now.

What is the hardware spec (RAM, OS)?

32GB, Darwin

Steps to reproduce the issue (command/config used to run Dgraph).

dgraph zero

dgraph alpha  -o 100 --acl_secret_file ./key

Test on v1.2.5

dgraph zero

dgraph alpha --acl_secret_file ./key

➜  ~ dgraph acl -a localhost:9080 mod -u groot --new_password
[Decoder]: Using assembly version of decoder

Running transaction with dgraph endpoint: localhost:9080
Current password for groot:
Unable to modify: unable to get dgo client: unable to login to the groot account: rpc error: code = Unknown desc = Authentication from address [::1]:56051 failed: unable to authenticate through password: user not found for id groot

Expected behaviour and actual result.

PS. I think it is definitely related to the SPAMMING logs in GraphQL tasks. Cuz I had to force the shutdown.

access_ee.go:402 Successfully upserted the groot account

We should be able to run the go test in GitHub - dgraph-io/dgo: Official Dgraph Go client

Apparently it is or related to something in GraphQL bg tasks. Because the first time there was a bug with GraphQL SPAMMING logs. And with that, the command “upserted the groot account” was ignored.

My second theory has to do with offset_port. When I didn’t use offset_port it started to work normally in versions that weren’t working. Then, once it works again, I disconnect the cluster and go back to offset_port = 100 to test again (I need to use 8180 in go tests). And the problem happens again.

The “workaround”

What is weird is that this workaround sometimes works, sometimes I have to wait hours to make it work or reboot the system.

1 - Downgrade Dgraph to v1.1.0

curl https://get.dgraph.io -sSf | VERSION=v1.1.0 bash

dgraph alpha --acl_secret_file ./enc_key_file --lru_mb 4000

LOGs

Serving tablet for: dgraph.group.acl
Done schema update predicate:"dgraph.group.acl" value_type:STRING
Successfully upserted the groot account
...
 Login request from: [::1]:60757

then, kill it and upgrade to v20.03.0

curl https://get.dgraph.io -sSf | VERSION=v20.03.0 bash

gotjoshua · September 5, 2020, 5:02pm

Is there any update on this issue?

I am running master and it seems to not be addressed yet.
I do see a couple mentions of ACL:

alpha    | 2020-09-04T09:12:59.997033286Z I0904 09:12:59.996946      16 access_ee.go:373] ResetAcl closed                                                  
alpha    | 2020-09-04T09:12:59.997055692Z I0904 09:12:59.996962      16 access_ee.go:310] RefreshAcls closed

However I was able to get ACL working on v20.03.5-rc1-18-gb3cede557

Is it only broken (or even deprecated) on master?

Topic		Replies	Views
User not found for id groot Dgraph kind:question , dgo , area:commercial:acl	7	888	September 2, 2020
Acl not working! Dgraph	2	583	January 20, 2020
Dgraph ACL error with username "groot" Dgraph kind:bug	5	2294	August 5, 2020
Authentication issue with groot after dgraph live import Dgraph	0	579	January 25, 2022
Rpc error: code = Unknown desc = invalid username or password Dgraph	2	568	February 4, 2023